<?php
/***************************************************************
*  DYNAMO - Simple yet powerful CMS - www.dynamocms.com
*  Copyright (c) M31 2003-2008 - www.m31web.com
*
*  This script is part of the DYNAMO project. The DYNAMO
*  project is free software; you can redistribute it and/or modify
*  it under the terms of the GNU General Public License as published by
*  the Free Software Foundation; either version 2 of the License, or
*  (at your option) any later version.
*
*  The GNU General Public License can be found at
*  http://www.gnu.org/copyleft/gpl.html or included in the distribution
*
*  This script is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  This copyright notice MUST APPEAR in all copies of the script!
*
*  File Name: xxx.php
*      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
* 	
*  File Authors:
*      1.0 : Creation by Jean-Francois Faudi
* 
***************************************************************/

	function getGlobalVar($var)
	{
		if (isset($_POST[$var]))
			return stripslashes($_POST[$var]);
		else if (isset($_GET[$var]))
			return stripslashes($_GET[$var]);
		else if (isset($_FILES[$var]))
			return $_FILES[$var];
		else if (isset($_SESSION[$var]))
			return $_SESSION[$var];
		else
			return ""; 
	}
	
	// Variables classiques
	$PHP_SELF = $_SERVER["PHP_SELF"];
	$HTTP_HOST = $_SERVER["HTTP_HOST"];
			
	// Report all PHP errors
	if ($option_debug)
	{
		error_reporting(E_ALL);
		ini_set("display_errors", "1");
	}
	else
	{
		error_reporting(E_ALL & ~E_NOTICE);
		ini_set("display_errors", "1");
	}
		
	// Definition des variables
	$user_login = "";
	$user_level = 0;
	$user_role = 0;

 	// Definition des variables
	$my_login = getGlobalVar("my_login");
	$my_password = getGlobalVar("my_password");
	
	// Start the session
	session_start();	
	//session_set_cookie_params(0, "/", $HTTP_HOST, false);

	// Restaure les variables de session
	if (isset($_SESSION["user_login"]))
		$user_login = $_SESSION["user_login"];
	if (isset($_SESSION["user_fname"]))
		$user_fname = $_SESSION["user_fname"];
	if (isset($_SESSION["user_email"]))
		$user_email = $_SESSION["user_email"];
	if (isset($_SESSION["user_role"]))
		$user_role = intval($_SESSION["user_role"]);
	if (isset($_SESSION["user_level"]))
		$user_level = intval($_SESSION["user_level"]);

	if (($user_login == "") and (($my_login != "") and ($my_password != "")))
	{
		// Chargement de la routine de connection
		//if (file_exists($DOCUMENT_ROOT . $site_path . "/cms/scripting/connect_database.php"))
		require_once($install_path . "/cms/scripting/connect_database.php");
	
		$query = "SELECT * FROM " . $tbl_prefix . "users WHERE login = '$my_login'";
		$mysql_result = database_query($query);
		  
		// on recupere le mot de passe
		$row = mysql_fetch_object($mysql_result);
		$stored = $row->password;
		
	 	if ($my_password == $stored)
		{
			// on recupere chaque valeur importante
			$user_login = $row->login;
			$_SESSION["user_login"] = $user_login;			
			
			$user_fname = $row->name . " " . $row->surname;
			$_SESSION["user_fname"] = $user_fname;
			
			$user_email = $row->email;
			$_SESSION["user_email"] = $user_email;
			
			$user_role = $row->role;
			$_SESSION["user_role"] = $user_role;

			$user_level = $row->level;
			$_SESSION["user_level"] = $user_level;

			// on relance le browser
			//if ($auto_refresh)
			//{
			//	print "<html><head><title></title></head>";
			//	print "<body bgcolor=\"#FFFFFF\" text=\"#000000\" onload=\"parent.location.reload(true);\">";
			//	print "</body></html>";
			//	exit();
			//}
		}
	}
	
?>